/**
 * 
 */
package neptune.web.server.security;

import it.robertobifulco.ias.IAS;
import it.robertobifulco.ias.Operation;
import it.robertobifulco.ias.UnauthorizedOperationException;
import it.robertobifulco.ias.principalmanager.Principal;
import it.robertobifulco.ias.rolemanager.RoleUndefinedException;

import javax.servlet.http.HttpSession;

import neptune.web.client.services.NoSessionException;
import neptune.web.client.services.SecurityException;
import neptune.web.server.ApplicationManager;
import neptune.web.server.InitializationException;

/**
 * Classe di utilita' per gestire i parametri legati alle sessioni HTTP
 * 
 * @author Roberto Bifulco [info@robertobifulco.it, robertobifulco.it]
 * 
 */
public class SecurityHelper {

	public static final String PRINCIPAL_ATTRIBUTE = "principal";

	/**
	 * 
	 * @param payloadCookie
	 * @param headerCookie
	 * @throws SessionCookieException
	 */
	public static void isSessionCorrect(String payloadCookie,
			String headerCookie) throws SessionCookieException {
		if (!payloadCookie.equals(headerCookie))
			throw new SessionCookieException();
	}

	/**
	 * Recupera il principal definito per questa sessione o lancia una eccezione
	 * nel caso non sia possibile farlo.
	 * 
	 * @param session
	 * @return
	 * @throws SecurityException
	 */
	public static Principal getPrincipal(HttpSession session)
			throws SecurityException {
		if (session == null)
			throw new NoSessionException(
					"There's no session defined, maybe a new login is needed");

		Principal principal = (Principal) session
				.getAttribute(PRINCIPAL_ATTRIBUTE);
		if (principal == null)
			throw new SecurityException(" No principal defined\n\n Please repeat login!");

		return principal;
	}

	/**
	 * Aggiunge il principal alle variabili di sessione
	 * 
	 * @param session
	 * @param principal
	 */
	public static void setPrincipal(HttpSession session, Principal principal) {
		session.setAttribute(PRINCIPAL_ATTRIBUTE, principal);
	}

	public static Operation getOperation(String operationID, HttpSession session)
			throws SecurityException, UnauthorizedOperationException,
			RoleUndefinedException {
		Operation operation = null;
		try {
			Principal principal = SecurityHelper.getPrincipal(session);

			IAS ias = null;
			try {
				ias = ApplicationManager.getApplicationManager().getIAS();
			} catch (InitializationException e) {
				e.printStackTrace();
				throw new SecurityException(e.getMessage());
			}
			operation = ias.getOperation(operationID, principal);
		} catch (IASCreationException e) {
			e.printStackTrace();
			throw new SecurityException(e.getMessage());
		}

		return operation;
	}

	public static Operation getOperation(String operationID, Object extraInfos, HttpSession session)
			throws SecurityException, UnauthorizedOperationException,
			RoleUndefinedException {
		Operation operation = null;
		try {
			Principal principal = SecurityHelper.getPrincipal(session);

			IAS ias = null;
			try {
				ias = ApplicationManager.getApplicationManager().getIAS();
			} catch (InitializationException e) {
				e.printStackTrace();
				throw new SecurityException(e.getMessage());
			}
			operation = ias.getOperation(operationID, principal, extraInfos);
		} catch (IASCreationException e) {
			e.printStackTrace();
			throw new SecurityException(e.getMessage());
		}

		return operation;
	}

}
